Mitel 6800 Series SIP Phone Release 4.2.0 Administrator Guide
<LH>*<RH>.<Any Other Labels>.com
where LH and RH can be any valid string or empty and the asterisk (i.e "*") is the wildcard
character. For example, service providers can add DNS names like the following in the SAN
of their certificates:
•
*.example.com
•
*xyz.example.com
•
xyz*.example.com
•
abc*xyz.example.com
•
If the phone's configured HTTPS server name is an IP address, it will be matched identically
with the DNS names and IP address names from the certificate SAN.
User Interface
Certificate Rejection
When the phone rejects a certificate, it displays, "Bad Certificate" on the LCD.
For Verisign Certificate Rejection
The phones support 2048-bit Verisign certificates. In case of a certificate error, detailed
descriptions can be found from the error message list in the phone status menu.
The following error descriptions are now available:
•
No Certificate
•
Bad Certificate
•
Unsupported Certificate
•
Certificate Revoked
•
Certificate Expired
•
Certificate Unknown
Configuring HTTPS Server Certificate Validation
An Administrator can configure HTTPS Server Certificate Validation using the configuration
files, the IP Phone UI, or the Mitel Web UI. Use the following procedures to configure the HTTPS
server certificate validation on the IP phones.
CONFIGURATION FILES
For specific parameters you can set in the configuration files, see Appendix A, the section,
"HTTPS Server Certificate Validation Settings"
4-39
on
.
page A-33